Lesson 4: Introduction to Planning
When you decide to establish a Windows 2000 network environment, you
must consider how to implement a DNS namespace and Active Directory
directory services. First, examine the business structure and operation
of your organization.
In many organizations, the IS department defines and implements the
network structure down to the smallest detail. Other organizations,
especially large enterprises, take a decentralized approach to managing
business relationships and networks. These organizations might have
multiple business units, each with different requirements for managing
their network resources.
When planning the implementation of a namespace and Active Directory
directory services for your organization, consider the following
issues: physical office locations, future growth and reorganization,
and access to network resources. This lesson introduces some of the
general considerations in planning for your Active Directory directory
services implementation.
Planning a Namespace
If your network already has a presence on the Internet, you must
decide whether to extend the external namespace for internal use or to
create a new namespace.
Extending an Existing Namespace
You can extend an existing namespace to include it in Windows 2000
Server domains. You should consider using the same namespace for internal and
external resources when you want to do the following:
- Have consistent tree names for internal and external
resources
- Use the same logon and user names for internal and external
resources
- Reserve no more than one DNS namespace
When you use the same namespace, you must create two separate DNS
zones for your organization. One zone provides name resolution for
internal resources, and the other provides name resolution for external
resources, such as Web servers, File Transfer Protocol (FTP) servers,
mail servers, and so on.
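The configuration just described is commonly called split-brain DNS: the internal zone and the public zone carry the same name but hold different records, so anything published only in the internal zone stays invisible from the Internet. The script below is an added example, not part of the lesson, and it uses the DnsServer PowerShell module from current Windows Server releases rather than the Windows 2000 tools the lesson was written for. The zone name contoso.com, the 10.1.0.0/16 and 203.0.113.0/24 addresses, and the host names are constructed for the example.

```powershell
# Run on an internal DNS server (normally a domain controller) that is NOT reachable from the Internet.
Import-Module DnsServer

# Internal copy of contoso.com, stored in Active Directory and replicated only to
# domain controllers in this domain. Secure dynamic update limits who can add records.
Add-DnsServerPrimaryZone -Name "contoso.com" -ReplicationScope "Domain" -DynamicUpdate "Secure"

# Internal-only names live here and must never be copied into the public zone.
Add-DnsServerResourceRecordA -ZoneName "contoso.com" -Name "dc1"   -IPv4Address "10.1.0.10"
Add-DnsServerResourceRecordA -ZoneName "contoso.com" -Name "files" -IPv4Address "10.1.0.20"

# Public names have to be repeated in the internal zone, because internal clients
# resolve contoso.com here and never see the public zone at all.
Add-DnsServerResourceRecordA -ZoneName "contoso.com" -Name "www" -IPv4Address "203.0.113.10"
Add-DnsServerResourceRecordA -ZoneName "contoso.com" -Name "ftp" -IPv4Address "203.0.113.11"

# Check 1: the internal server answers for both kinds of names.
Resolve-DnsName -Name "files.contoso.com" -Server "10.1.0.10" -Type A
Resolve-DnsName -Name "www.contoso.com"   -Server "10.1.0.10" -Type A

# Check 2: the public server (constructed address 203.0.113.53) must know nothing about
# internal hosts. A successful answer here means an internal record leaked into the public zone.
$leak = Resolve-DnsName -Name "files.contoso.com" -Server "203.0.113.53" -Type A -ErrorAction SilentlyContinue
if ($leak) { Write-Warning "Internal host published in the public contoso.com zone" }
```

The second check is the one worth scripting on a schedule: every internal record name can be queried against the public resolver, and any answer indicates the two zones have drifted together.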
Creating a New Internal Namespace
You also can have different namespaces for internal and external
resources. In this configuration, all internal corporate servers use
one namespace, while external resources, such as Internet and FTP
servers, use a different namespace. This configuration requires you to
reserve two namespaces with an Internet DNS registration authority.
Consider using different namespaces for internal and external resources
when you want to have the following:
- A clear distinction between internal and external
resources
- Separate internal and external resource management
- Simple client browser and proxy client configuration
Planning a Site
You maintain a domain structure and a site structure separately in
Active Directory directory services. A single domain can include
multiple sites, and a single site can include multiple domains, or
parts of multiple domains.
As you plan sites, consider the availability of bandwidth for the
replication traffic that occurs within a domain. For example, assume that you have
offices in Phoenix, Arizona, and Flagstaff, Arizona, and assume that both
offices are in the same site. In this case, the domain controllers in
each office would be replicating frequently. However, by establishing
each office as a separate site, you can specify a replication schedule to take advantage of hours when
there is less demand on network resources, when more connections are
available, or even when dial-up connections are less expensive.
Use the following guidelines as you plan how to combine subnets into
sites:
- Combine only those subnets that share fast, inexpensive, and
reliable network connections of at least 512 Kbps.
- Configure sites so that replication within the site occurs
at times or intervals that do not interfere with network
performance.
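The Phoenix and Flagstaff example above, as an added script that is not part of the lesson. It uses the ActiveDirectory PowerShell module from current Windows Server releases, not the Windows 2000 Sites and Services snap-in the lesson describes; the site names, subnets, link cost, interval and the 20:00 to 06:00 replication window are constructed for the example.

```powershell
Import-Module ActiveDirectory

# One site per office, so that traffic between them is scheduled instead of continuous.
New-ADReplicationSite -Name "Phoenix"
New-ADReplicationSite -Name "Flagstaff"

# A subnet joins a site only when the links inside that site are fast (512 Kbps or more),
# inexpensive and reliable; the two offices fail that test, so each gets its own site.
New-ADReplicationSubnet -Name "10.1.0.0/16" -Site "Phoenix"
New-ADReplicationSubnet -Name "10.2.0.0/16" -Site "Flagstaff"

# Build a weekly schedule that opens inter-site replication only from 20:00 to 06:00.
# RawSchedule is a [7 days, 24 hours, 4 quarter-hours] boolean array; true = replication allowed.
$raw = New-Object 'bool[,,]' 7, 24, 4
for ($day = 0; $day -lt 7; $day++) {
    for ($hour = 0; $hour -lt 24; $hour++) {
        $open = ($hour -ge 20) -or ($hour -lt 6)
        for ($quarter = 0; $quarter -lt 4; $quarter++) {
            $raw[$day, $hour, $quarter] = $open
        }
    }
}
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.RawSchedule = $raw

# The site link carries the cost (lower is preferred), how often replication runs while the
# window is open, and the window itself.
New-ADReplicationSiteLink -Name "Phoenix-Flagstaff" `
    -SitesIncluded "Phoenix", "Flagstaff" `
    -InterSiteTransportProtocol IP `
    -Cost 100 `
    -ReplicationFrequencyInMinutes 180 `
    -ReplicationSchedule $schedule

# Check: confirm the subnets map to the intended sites and the link has the expected settings.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
Get-ADReplicationSiteLink -Filter * | Select-Object Name, Cost, ReplicationFrequencyInMinutes
```

Any subnet that is left out of every site is worth checking after this step: a client in an unmapped subnet can authenticate against a domain controller in the wrong office, which defeats the purpose of the site design.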
Planning Organizational Units
In a single domain, you can organize user accounts and resources by
using a hierarchy of OUs to reflect the structure of your company. Just
as your organization can have multiple levels of management, you can
establish multiple levels of management within a domain based on
OUs.
Consider creating an OU if you want to do the following:
- Reflect your company's structure and organization within
a domain (see Figure 4.11). Without OUs, all user accounts are maintained and
displayed in a single list, regardless of a user's department, location,
or role.
- Delegate administrative control over network resources while
maintaining the ability to manage them. You can grant administrative
permissions to user accounts or groups at the OU level.
- Accommodate potential changes in your company's
organizational structure. You can move user accounts between OUs
easily, while moving user accounts between domains generally requires
more time and effort.
- Group objects to allow administrators to locate similar
network resources more easily to perform administrative tasks. For
example, you could group all user accounts for temporary employees in
an OU.
- Restrict visibility of network resources in Active Directory
directory services. Users can view only the objects to which they have
access.
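The delegation and grouping points above, as an added script that is not part of the lesson. It uses the ActiveDirectory PowerShell module and the AD: drive from current Windows Server releases rather than the Windows 2000 Delegation of Control wizard; the domain contoso.com, the OU names and the help-desk group are constructed for the example. The two GUIDs are the real Active Directory identifiers for the Reset Password extended right and the user object class.

```powershell
Import-Module ActiveDirectory

$domainDn = "DC=contoso,DC=com"

# An OU hierarchy that mirrors the organization: a location OU with a department-style OU inside it.
New-ADOrganizationalUnit -Name "Phoenix" -Path $domainDn -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name "Temporary Employees" -Path "OU=Phoenix,$domainDn" -ProtectedFromAccidentalDeletion $true
$ouDn = "OU=Temporary Employees,OU=Phoenix,$domainDn"

# The group that will receive a narrow administrative permission on this OU only.
New-ADGroup -Name "Phoenix HelpDesk" -GroupScope Global -Path "OU=Phoenix,$domainDn"
$group = Get-ADGroup -Identity "Phoenix HelpDesk"

# Delegate exactly one right (Reset Password) on exactly one object class (user), inherited by
# user objects beneath this OU. Nothing outside the OU is affected, and the domain admins keep control.
$resetPasswordRight = [Guid]"00299570-246d-11d0-a768-00aa006e0529"
$userClass          = [Guid]"bf967aba-0de6-11d0-a285-00aa003049e2"

$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    [System.Security.Principal.SecurityIdentifier]$group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPasswordRight,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClass)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Check: list what the help-desk group can do on the OU. Only the single extended right should appear.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*Phoenix HelpDesk*" } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

The final query is the useful habit here: reviewing OU ACLs for entries granting GenericAll or WriteDacl to groups that only needed a password-reset right is how over-delegation is caught before it is misused.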
Figure 4.11 Organizational units
Lesson Summary
Planning for implementing Active Directory directory services can be
extremely complex. For example, when you plan the implementation of a
namespace and Active Directory directory services for your
organization, you must consider the following issues: physical office
locations, future growth and reorganization, and access to network resources. If your network already has a presence
on the Internet, you must decide whether to extend the external
namespace for internal use or to create a new namespace.
When you plan your sites, you must consider the availability of
bandwidth for the replication traffic within a domain. You might also
want to determine how to take advantage of hours when there is less demand on network resources, when
more connections are available, or even when dial-up connections are less
expensive.
You also have to plan your OU structure. Your OU structure could
reflect your company's structure and organization within a domain,
allow you to delegate administrative control over network resources while maintaining the
ability to manage them, or restrict visibility of network resources in
Active Directory directory services.